Social networks like Facebook, which now boasts 1.15 billion users and Twitter having reached its 500 millionth user, make for a profitable playground for today's opportunistic hacker. These large user bases offer cyber criminals the opportunity to hijack millions - if not billions - of consumers' personal information for fraudulent ID theft activity. While it will come as no surprise that cyber criminals regularly use malware to target consumers for their information, a recent cyber security study revealed that cyber attacks targeting social media networks are steadily on the rise.
Like most things, data breaches come in all shapes and sizes, so it was no surprise to me when I read recent headlines about the number of fake "likes" being sold alongside credit card numbers and other stolen information on various hacker networks.
Nowadays, organisations launching a new service or product, look to social media to generate buzz and to encourage consumers to engage with the brand fully, rather than relying on the traditional advertising tactics of the yesteryear. It made me wonder how many of the billion social media users out there even realise their profile or "likes" are now being regarded as a high-in-demand commodity - particularly amongst hackers and marketers.
It was the news website Reuters, which recently reported that "a fake fan on a website like Instagram can actually be worth five times more than a stolen credit card number".
This is music to any cyber criminal looking to make a quick buck, at a time when industry's demand for social connection is so high. Advantageous hackers have seized this opportunity by altering an existing virus called Zeus, previously used to steal credit card information, to manipulate social media platforms like Facebook, Twitter and Instagram.
Using Zeus, hackers are able to create and sell bogus "likes" and "follower" endorsements easily. Organisations purchasing these "social bundles" to boost marketing campaigns need to be aware that some of these are likely to be carrying a strand of malware that, once activated, can be used to access and siphon data from real user profiles liking or following a campaign.
South African Facebook users recently fell victim to another social media malware breach, which had profiles being duplicated and fake friend invitations sent to existing connections with a link to "accept the friend request".
Those who make the mistake of clicking on the unsuspecting link are then offered an update prompting a software download, which immediately provides hackers with access to the device and, in turn, all its data. This form of hacking is subtle and, as a result, the majority of those affected do not even realise their device or information has been compromised until it's too late.
For business owners, this can become somewhat nightmarish, as trends like Bring Your Own Device (BYOD) and using social networks for business, find their common place in today's work environment and fuel the way in which employees prefer to work.
If you find yourself using your own personal or work device to connect to corporate networks as well as to socialise with friends and followers, you must ensure adequate protection is installed and is regularly updated to keep both personal and professional information secure. With the regularity and rate at which cybercrime now takes place, this is no longer just nice to have; protection needs to be top of mind when it comes to safeguarding data across devices successfully, particularly when they are used for both work and play.
Carelessness, combined with little to no security, means that once hackers load malware onto your device via a social network, they have complete and utter freedom to infect, steal and monitor all personal and corporate information accessed, shared and stored on the device. After all, the open nature of these platforms lends itself to exploitation of the human condition.
